<?php
	// Open (or resume) the PHP session. The @ operator suppresses any warning
	// session_start() raises, so a failure here is silent.
	// NOTE(review): no session cookie attributes are set in this file before the
	// session starts; confirm HttpOnly/Secure are configured elsewhere (e.g. php.ini).
	@session_start();

	// Project configuration and the User class used by the login logic below.
	require 'includes/config.php';
	require 'includes/class/user.class.php';

	$user = new User();

	// Flags recording which kind of feedback message this request produced.
	$msg_error = false;
	$msg_alert = false;
	$msg_info = false;

	// Discard feedback text left over in the session and default to "no message".
	$_SESSION['msg_cool'] = '';
	$show_msg = 0;
	
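	/*
	 * Login attempt handler.
	 *
	 * Runs only when both "login" and "password" arrive as non-empty strings.
	 * A per-session counter ($_SESSION['intentosLog']) drives the throttling:
	 *   - at 7 or more, the submitted account is switched to 'Blocked';
	 *   - from 4 to 6, the posted security code must match the one in the session;
	 *   - otherwise the credentials are checked through User::validateAccount().
	 * Feedback HTML is appended to $_SESSION['msg_cool'] and the $msg_* flags are set.
	 *
	 * NOTE(review): the counter lives in the visitor's own session, so a client that
	 * drops its session cookie starts again at 1. Consider tracking failures
	 * server-side per account and per source address.
	 * NOTE(review): the 7-attempt branch blocks whichever username was submitted,
	 * before any credential check, and reports a different message for existing
	 * and unknown usernames. That permits account lock-out by third parties and
	 * username enumeration; confirm this is intended.
	 */
	if (
		isset($_POST['login'], $_POST['password'])
		&& is_string($_POST['login']) && is_string($_POST['password'])
		&& $_POST['login'] !== '' && $_POST['password'] !== ''
	) {
		require("includes/class/RijndaelHex.php");
		$rijndaelHex = new RijndaelHex();

		if (!isset($_SESSION['intentosLog'])) {
			$_SESSION['intentosLog'] = 1;
		}

		// NOTE(review): mysql_real_escape_string() needs an open mysql_* connection
		// (presumably created in includes/config.php) and does not exist in PHP 7+.
		// Parameterised queries inside the User class would remove the need for it.
		$loginUsername = $_SESSION['loginUsername'] = mysql_real_escape_string(strip_tags($_POST['login']));

		// NOTE(review): the password is passed through strip_tags() and SQL escaping
		// before being transformed, which alters what the user typed, and
		// linencrypthex() looks like reversible encryption rather than a password
		// hash (judging by the class name; confirm). Left unchanged because stored
		// credentials depend on this exact transformation; migrating to
		// password_hash()/password_verify() needs a data migration.
		$password = $rijndaelHex->linencrypthex( $loginUsername.mysql_real_escape_string(strip_tags($_POST['password'])).$loginUsername );

		// Escaped copy for the HTML feedback messages. strip_tags() alone is not an
		// output encoder, so the value is entity-encoded before it is placed in markup.
		// Uses the default charset of the running PHP version; confirm it matches the page.
		$loginUsernameHtml = htmlspecialchars($loginUsername, ENT_QUOTES);

		// Security-code check, failing closed: a missing, empty or non-string value
		// on either side never counts as a match. The original loose "!=" treated an
		// unset session code and an empty submission as equal, which let the check
		// be skipped.
		// NOTE(review): the expected code is not cleared after use here; confirm the
		// generator replaces it on every page load so a solved code cannot be replayed.
		$expectedCode = (isset($_SESSION['codigoVal']) && is_scalar($_SESSION['codigoVal']))
			? (string) $_SESSION['codigoVal']
			: '';
		$suppliedCode = (isset($_POST['letraVal']) && is_string($_POST['letraVal']))
			? $_POST['letraVal']
			: '';
		$securityCodeOk = ($expectedCode !== '' && $suppliedCode === $expectedCode);

		if ( $_SESSION['intentosLog'] >= 7 ) {
			$_SESSION['intentosLog'] = 1;
			if ( $user->userExist( $loginUsername ) ) {
				// NOTE(review): this reads $user->code while the rest of the file
				// reads $user->use_code; verify which property userExist() populates.
				if ( $user->userChangeStatus( $user->code, 'Blocked' ) ) {
					$msg_info = true;
					$_SESSION["msg_cool"] .= 'The user <strong>'.$loginUsernameHtml.'</strong> has been blocked. Please, contect the manager site.<br />';
				}
			}
			else {
				$msg_alert = true;
				$_SESSION["msg_cool"] .= 'Incorrect Data..<br />';
			}
		}
		elseif ( $_SESSION['intentosLog'] >= 4 && !$securityCodeOk ) {
			$msg_alert = true;
			$_SESSION["msg_cool"] .= 'Security code incorrect.<br />';
		}
		elseif ( $user->validateAccount($loginUsername, $password) ) {
			if ( $user->use_status == 'Active' ) {
				// Issue a fresh session id at the privilege change so an id known to
				// a third party before login cannot be reused afterwards.
				if ( session_id() !== '' ) {
					session_regenerate_id(true);
				}

				unset( $_SESSION['loginUsername'] );
				$_SESSION['intentosLog'] = 1;
				$_SESSION['statusSession'] = true;

				// Copy the authenticated account's fields into the session.
				$_SESSION['use_code'] = $user->use_code;
				$_SESSION['use_name'] = $user->use_name;
				$_SESSION['use_lastname'] = $user->use_lastname;
				$_SESSION['use_email'] = $user->use_email;
				$_SESSION['use_login'] = $user->use_login;
				$_SESSION['use_status'] = $user->use_status;
				$_SESSION['use_type'] = $user->use_type;
				$_SESSION['use_date_create'] = $user->use_date_create;

				// Client-side redirect; the script keeps running after this line.
				echo "<script> window.location.href = 'home.php'</script>";
			}
			elseif ( $user->use_status == 'Inactive' ) {
				$msg_info = true;
				$_SESSION["msg_cool"] .= 'The user <strong>'.$loginUsernameHtml.'</strong> is currently incative.<br />';
			}
			elseif ( $user->use_status == 'Blocked' ) {
				$msg_info = true;
				$_SESSION["msg_cool"] .= 'The user <strong>'.$loginUsernameHtml.'</strong> is currently blocked.<br />';
			}
			else {
				// Valid credentials but an unrecognised status: counted as a failure.
				$_SESSION['intentosLog']++;
				$msg_alert = true;
				$_SESSION["msg_cool"] .= 'Incorrect Data<br />';
			}
		}
		else {
			$_SESSION['intentosLog']++;
			$msg_alert = true;
			$_SESSION["msg_cool"] .= 'Incorrect Data.<br />';
		}
	}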
	
	// Choose the message level to expose: error (1) takes precedence over
	// alert (2), which takes precedence over info (3). When no flag is set the
	// existing value of $show_msg is kept.
	$show_msg = $msg_error
		? 1
		: ($msg_alert
			? 2
			: ($msg_info ? 3 : $show_msg));
?>